GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,613
NuGet: 638
pip: 3,210
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
227,729 advisories
A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43....
Moderate | Unreviewed | CVE-2024-8693 was published Sep 11, 2024

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This...
Moderate | Unreviewed | CVE-2024-8694 was published Sep 11, 2024

SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive...
Unknown | Unreviewed | CVE-2024-42760 was published Sep 11, 2024

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/...
Critical | Unreviewed | CVE-2018-17558 was published Oct 27, 2023

The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the...
High | Unreviewed | CVE-2023-39732 was published Oct 25, 2023

An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via...
High | Unreviewed | CVE-2023-38849 was published Oct 26, 2023

The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the...
High | Unreviewed | CVE-2023-39733 was published Oct 25, 2023

The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the...
High | Unreviewed | CVE-2023-39740 was published Oct 25, 2023

During garbage collection extra operations were performed on an object that should not be. This...
High | Unreviewed | CVE-2023-5728 was published Oct 25, 2023

The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows...
High | Unreviewed | CVE-2023-39734 was published Oct 25, 2023

An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php...
Critical | Unreviewed | CVE-2023-46010 was published Oct 25, 2023

Loway - CWE-204: Observable Response Discrepancy
Moderate | Unreviewed | CVE-2024-42343 was published Sep 8, 2024

The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape...
Moderate | Unreviewed | CVE-2024-3899 was published Sep 11, 2024

The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings,...
Moderate | Unreviewed | CVE-2024-7716 was published Sep 11, 2024

PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to...
Moderate | Unreviewed | CVE-2023-48957 was published Aug 25, 2024

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix...
Moderate | Unreviewed | CVE-2023-52894 was published Aug 21, 2024

In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: don't reissue...
Moderate | Unreviewed | CVE-2023-52895 was published Aug 21, 2024

In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a...
Moderate | Unreviewed | CVE-2021-4441 was published Aug 22, 2024

When aborting the verification of an OTR chat session, an attacker could have caused a use-after...
Moderate | Unreviewed | CVE-2024-8394 was published Sep 6, 2024

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to...
High | Unreviewed | CVE-2024-40655 was published Sep 11, 2024

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection...
High | Unreviewed | CVE-2024-44844 was published Sep 6, 2024

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2024-6856 was published Sep 8, 2024

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to...
High | Unreviewed | CVE-2024-40658 was published Sep 11, 2024

Loftware Spectrum through 4.6 has unprotected JMX Registry.
High | Unreviewed | CVE-2023-37234 was published Sep 10, 2024

In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable...
High | Unreviewed | CVE-2024-40657 was published Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API.